Martijn Wargers and Nick Mott described crashes of Mozilla due to theuse of a deleted controller context. In theory this could be abused toexecute malicious code. Since Mozilla and Firefox share the samecodebase, Firefox may be vulnerable as well.

For the stable distribution (sarge) this problem has been fixed inversion 1.7.8-1sarge7.

For the unstable distribution (sid) this problem has been fixed inversion 1.5.dfsg+1.5.0.3-1.